Django OAuth Service for Third-Party POS Integration

Eliminated manual double-entry workflow between Clover POS and locker systems. Designed distributed token management architecture to handle 30-minute OAuth expiration across in-store locker controllers.

Project Overview

A locker management software company needed an integration between Clover POS terminals and their distributed locker system. Each restaurant location runs its own locker management server, and staff were manually copying every order from the Clover terminal into the locker interface. It was a time-consuming process prone to errors. Third-party delivery orders (Skip The Dishes, Uber Eats, etc.) complicated things further by requiring custom PIN generation based on what each driver's app could display.

  • Timeline: February - August 2024 (part-time), with rollout in November 2024
  • Role: Solo developer
  • Skills: requirements gathering, architecture, development, Docker deployment, and API integration

The Challenge

Adapting to API Changes Mid-Project

Midway through development, we changed authentication from simple bearer tokens to full OAuth token exchanges. This required redesigning the authentication architecture to handle 30-minute token expiration across distributed locker systems.

Distributed Token Management

Each restaurant location runs its own locker server and pulls data from Clover directly, not through a central datacenter. The solution needed a secure token refresh service that any authorized locker could access when tokens expired or were rejected.

External Dependency Outage Mitigation

I designed a system for handling outages with third-party services. The system handles failures gracefully. There is monitoring on the token exchanges.

Complex Data Transformation

Mapping order data between Clover's schema and the locker system's format involved reconciling different entity relationships, inconsistent data types (strings vs numbers), and parsing human-readable strings from third-party delivery integrations.

System Architecture

The Solution

I built a standalone Django application serving as a secure OAuth token exchange service, with the following architecture:

OAuth Token Exchange Service

Built a centralized Django application that handles Clover's OAuth flow and manages token lifecycle. When Clover migrated from simple bearer tokens to OAuth mid-project, I redesigned the authentication layer to handle 30-minute token expiration across all distributed locker locations.

Distributed Token Refresh

Rather than centralizing all API calls, each locker location authenticates to the Django app using long-lived bearer tokens. When a locker's Clover token expires (every ~30 minutes) or is rejected, it requests a fresh token from the central service. This allows the distributed locker servers to maintain their own direct connections to Clover's API while ensuring secure token management.

Security Layer

  • TLS encryption for all token exchanges
  • Bearer token authentication to prevent unauthorized token requests
  • Rate limiting to protect against abuse
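The refresh flow and security controls described above, sketched as an added example in plain Python; it is not the project's own code. The `TokenBroker` class, the `exchange` callable standing in for the Clover OAuth exchange, and the rate-limit and refresh-margin values are all assumptions made for illustration.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

TOKEN_TTL = 30 * 60    # Clover access tokens expire after 30 minutes (per the page)
REFRESH_MARGIN = 60    # assumed: renew one minute early so lockers never get a stale token
RATE_LIMIT = 5         # assumed: max token requests per locker per window
RATE_WINDOW = 60       # assumed: window length in seconds


class TokenBroker:
    """Hypothetical central service: authenticates lockers, hands out the upstream token."""

    def __init__(self, locker_tokens, exchange, clock=time.monotonic):
        # Keep only SHA-256 digests of the long-lived bearer tokens at rest.
        self._digests = {lid: hashlib.sha256(tok.encode()).digest()
                         for lid, tok in locker_tokens.items()}
        self._exchange = exchange        # callable that performs the OAuth exchange
        self._clock = clock
        self._hits = defaultdict(deque)  # locker id -> recent request times
        self._token, self._expires = None, 0.0

    def _authenticated(self, locker_id, bearer):
        presented = hashlib.sha256(bearer.encode()).digest()
        expected = self._digests.get(locker_id, b"\x00" * 32)
        # Constant-time comparison; unknown lockers follow the same code path.
        return hmac.compare_digest(presented, expected) and locker_id in self._digests

    def _rate_limited(self, locker_id, now):
        hits = self._hits[locker_id]
        while hits and now - hits[0] >= RATE_WINDOW:
            hits.popleft()               # drop requests that left the window
        if len(hits) >= RATE_LIMIT:
            return True
        hits.append(now)
        return False

    def get_token(self, locker_id, bearer, rejected=False):
        """Return (status, token); rejected=True means upstream refused the cached token."""
        now = self._clock()
        if not self._authenticated(locker_id, bearer):
            return 401, None
        if self._rate_limited(locker_id, now):
            return 429, None             # also bounds forced refreshes via rejected=True
        if rejected or self._token is None or now >= self._expires - REFRESH_MARGIN:
            self._token = self._exchange()
            self._expires = now + TOKEN_TTL
        return 200, self._token
```

In a Django deployment the same checks would sit in a view behind TLS, with the rate-limit state held in a shared cache rather than process memory.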

Near Real-time Order Synchronization

Implemented Celery background workers to poll Clover's API at regular intervals, transforming and importing orders into each locker system. Email alerts notify operators of failures, with automatic retry logic that continues polling until Clover's API recovers from outages.

Data Transformation Pipeline

Built adapters to map between Clover's order schema and the locker system's expected format, handling inconsistent data types and parsing third-party delivery order strings into structured data.

Production-Ready Deployment

Containerized the entire application with Docker for rapid redeployment and health monitoring, ensuring the token service remains available to distributed locker locations.

Screen capture

Results

The application successfully passed internal QA and received positive feedback from the client's technical team. The system handled the core integration challenges:

  • Automated order flow from Clover POS to lockers, eliminating manual double-entry
  • Secure, distributed token management across multiple locker locations
  • Resilient handling of Clover's periodic API outages
  • Support for both direct in-store entry and third-party delivery orders

Key Takeaway

This project demonstrates adaptability in the face of changing requirements, from mid-project API authentication changes to evolving business needs, while maintaining focus on delivering working software that solves real operational problems.

Let's Work Together

I'm based in Victoria, British Columbia and I work with clients across North America. If you're an agency that needs a reliable Django contractor, or a startup trying to get something built, I'd love to hear from you.

Schedule a free 30-minute consultation to talk about your needs. No commitment required.